kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rajasekar Elango (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-1690) new java producer needs ssl support as a client
Date Mon, 03 Aug 2015 22:30:06 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14652678#comment-14652678
] 

Rajasekar Elango commented on KAFKA-1690:
-----------------------------------------

[~harsha_ch] Thanks for documentation, I tried to run this locally and here are my observations.

1. On kafka server.properties, I had to remove quotes for SSL properties to make it work.
For eg when I had ssl.keystore.type = "JKS"; I got org.apache.kafka.common.KafkaException:
java.security.KeyStoreException: "JKS" not found, when I changed to ssl.keystore.type = JKS
, it worked, I had to do this for all ssl properties. Not sure if its just me, can you confirm
if it works with quotes?

2. Console producer worked in secure mode, but I need to specify keystore location and password
in addition to truststore, I guess documentation need to be updated.

3. Console consumer works in plaintext mode, not sure how to force SSL, I added --property
security.protocol=SSL, It seem to be ignored, can you provide an example? 

I would suggest moving all SSL related configurations to separate ssl config file for broker
and producer/consumer. Reason I ask is ssl properties contains secret information like passwords
that need to be stored in secure location. If it's part of kafka server.properties we can't
keep it in source control and we need keep whole kafka server.properties in secure location.
So it's better to accept ssl.config.location as property in server.properties and read all
ssl properties from there. The same applies to producer/consumer, producer/consumer.properties
can be in source control while security properties can be pulled from secure location. It
will also simplify running console-producer/console-consumer easily with one ssl.config.location
option instead of bunch of ssl properties.



> new java producer needs ssl support as a client
> -----------------------------------------------
>
>                 Key: KAFKA-1690
>                 URL: https://issues.apache.org/jira/browse/KAFKA-1690
>             Project: Kafka
>          Issue Type: Sub-task
>            Reporter: Joe Stein
>            Assignee: Sriharsha Chintalapani
>             Fix For: 0.8.3
>
>         Attachments: KAFKA-1690.patch, KAFKA-1690.patch, KAFKA-1690_2015-05-10_23:20:30.patch,
KAFKA-1690_2015-05-10_23:31:42.patch, KAFKA-1690_2015-05-11_16:09:36.patch, KAFKA-1690_2015-05-12_16:20:08.patch,
KAFKA-1690_2015-05-15_07:18:21.patch, KAFKA-1690_2015-05-20_14:54:35.patch, KAFKA-1690_2015-05-21_10:37:08.patch,
KAFKA-1690_2015-06-03_18:52:29.patch, KAFKA-1690_2015-06-23_13:18:20.patch, KAFKA-1690_2015-07-20_06:10:42.patch,
KAFKA-1690_2015-07-20_11:59:57.patch, KAFKA-1690_2015-07-25_12:10:55.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message